CYBER-SECURITY : WEEKLY REPORT (August 16, 2017)

Russia is at it again, western experts warn. New cyber-attacks on Scottish parliament systems and Europe’s top hotels are blamed on Russian government hackers. Earlier this week they mounted a “brute force” attack on Scottish parliament computer systems in an attempt to access numerous email accounts of legislators and their staff. The attack was similar to the sustained assault on computers at Westminster in June, which security officials blamed on the Russian government.

Cybersecurity firm FireEye stated that hackers matching the profile of a pro-Kremlin group managed to wrest at least partial control of wireless networks at several hotels across Europe last month, in what appears to be a widespread intelligence-gathering effort aimed at government and business travelers. The firm identified APT28, also known by the names Fancy Bear and Pawn Storm, as the likely perpetrator of a campaign that involved sending a malware-laden reservation document to at least three major hotel chains, including the reservation desks of at least six hotels in European capitals. The hotel industry has been a ripe target for hackers in recent years because of the wealth of personal financial information flowing through a hotel’s payment and reservation systems, experts say.

The investigation into the hacking of the American Democratic National Committee is said to have found its first ‘live’ witness, who may help uncover the Russian hand in the controversy. He is a Ukrainian and reportedly surrendered to police. The hacker, known only by his online identity Profexer, suddenly vanished from the web just days after American intelligence agencies publicly identified a program he had written as one of the tools used in the hacking of the Committee’s systems. There is no evidence that he worked for Russian intelligence services, but American experts seem to believe that pro-Kremlin hacker groups may have outsourced tool development to private vendors.

For those countries that struggle to protect their IT systems from adversarial powers and cyber criminals, the Baltic state of Estonia offers the best lessons in how to defend themselves. The military blog CyberOne carried a report, “Every Country Should Have a Cyber War: What Estonia Learned from Russian Hacking”, tracing how Estonia, in just over two decades since independence from the former Soviet Union, has become one of the world’s most digitally innovative and efficient countries.

Tallinn was in the middle of a political battle with Moscow in 2007 when it was suddenly hit by three weeks of DDoS (Distributed Denial of Service) attacks. As a result, the internet shut down as websites were bombarded with traffic. Instead of submitting, Estonia stood up and fought for the security of its cyberspace. The attacks made Estonia more determined than ever to develop its digital economy and make it safe from future attacks. Taavi Kotka, former chief information officer, told a NATO conference that every country should have a cyber war, because it helps citizens understand what such a war means and how to deal with it. That explains why Estonia has become the shining example for NATO countries to emulate. India too can pick up a lesson or two.

Most government departments worldwide, including military wings, erroneously believe that their systems are secure and cannot be compromised. Often this proves to be misplaced bravado. Well-meaning cyber security experts have always been ridiculed when they point out potential vulnerabilities, until a breach occurs. The US Department of Defence has now opened its ‘Bug Bounty’ vulnerability-finding contests to selected foreign experts too. The recent ‘Hack the Air Force’ program uncovered a record 207 vulnerabilities in its major online systems. Such controlled use of ‘ethical hackers’ is of immense value: governments are forewarned of vulnerabilities in their systems and can get them patched before the ‘Black Hats’ can exploit them.

INTER-STATE CYBER-WARFARE

Scottish parliament hit by cyber-attack similar to Westminster assault

https://www.wsj.com/articles/hotels-targeted-by-hackers-matching-pro-kremlin-profile-1502456438 Hackers matching the profile of a pro-Kremlin group managed to wrest at least partial control of wireless networks at several hotels across Europe last month, a cybersecurity firm said Friday, exposing what it said appears to be a widespread intelligence-gathering effort aimed at government and business travelers. Security-research firm FireEye Inc. identified a hacker group it calls APT28—also known by the names Fancy Bear and Pawn Storm—as the likely perpetrator of a campaign that involved sending a malware-laden reservation document to at least three major hotel chains, including the reservation desks of at least six hotels in European capitals, and one in the Middle East.

In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking

http://www.npr.org/2017/08/10/542634370/russian-cyberattack-targeted-elections-vendor-tied-to-voting-day-disruptions When people in several North Carolina precincts showed up to vote last November, weird things started to happen with the electronic systems used to check them in. “Voters were going in and being told that they had already voted — and they hadn’t,” recalls Allison Riggs, an attorney with the Southern Coalition for Social Justice. The electronic systems — known as poll books — also indicated that some voters had to show identification, even though they did not. Investigators later discovered the company that provided those poll books had been the target of a Russian cyberattack. There is no evidence the two incidents are linked, but the episode has revealed serious gaps in U.S. efforts to secure elections.

State Election Officials to Get Security Clearances for Cyberthreat Data

https://www.wsj.com/articles/state-election-officials-to-get-security-clearances-for-cyberthreat-data-1502394314 The Department of Homeland Security is clearing the way for state election officials to apply for security clearances so they can review classified information about cyberthreats to their election systems, federal and state authorities said in interviews this week. The move comes after many state officials criticized the federal agency for, in their view, failing to provide certain information about suspected attempts to hack voter-registration systems during the 2016 presidential election.

China investigating Baidu, Tencent, Weibo for breaching cyber laws

http://www.thehindu.com/news/international/china-investigating-baidu-tencent-weibo-for-breaching-cyber-laws/article19471283.ece?homepage=true China’s cyber regulator on Friday said it was investigating the country’s top social media sites over failing to comply with strict laws that ban content which is violent, obscene or deemed offensive to the Communist Party. The Cyberspace Administration said it was investigating Tencent Holdings Group Ltd’s WeChat, Weibo Corp and Baidu Inc’s forum site Tieba over suspected violations of the country’s strict cybersecurity laws. Cyber surveillance is being tightened further ahead of the 19th National Congress of the Communist Party of China expected to be held later this year, when global attention will be on news coming from the world’s second-biggest economy.

China Lays the foundation for building a hack-proof global quantum communication network

http://www.business-standard.com/article/current-affairs/china-s-quantum-satellite-sends-unbreakable-signals-from-space-117081000582_1.html China has sent an unbreakable code from its satellite to the Earth, laying the foundation for building a hack-proof global quantum communication network, official media said today. The achievement, based on experiments conducted with the world’s first quantum satellite, Quantum Experiments at Space Scale (QUESS), was published in the authoritative academic journal Nature. The Nature reviewers commented that the experiment was an impressive achievement and constituted a milestone in the field, state-run Xinhua news agency reported. Nicknamed “Micius,” after a 5th Century BC Chinese philosopher and scientist, the 600-kilogram-plus satellite was sent into a sun-synchronous orbit at an altitude of 500 kilometers on August 16, 2016.

‘Every Country Should Have a Cyber War’: What Estonia Learned from Russian Hacking

http://www.defenseone.com/technology/2017/08/every-country-should-have-cyber-war-what-estonia-learned-russian-hacking/140217/?oref=defenseone_today_nl Estonia’s journey down the digital road has been astonishingly fast. When it gained independence from the Soviet Union in 1991, it had almost no money and few natural resources. But it did have one advantage: it was the designated center for software and computer production for the USSR. After achieving independence, the country had a pool of tech expertise to build on. Estonia’s biggest turning point was 10 years ago, when the country came under sustained cyberattack. The attacks made Estonia more determined than ever to develop its digital economy and make it safe from future attacks.

Pakistan hackers target Bengaluru school website

http://www.deccanchronicle.com/nation/current-affairs/150817/pakistan-hackers-target-bengaluru-school-website.html With the independence days of India and Pakistan falling on consecutive days, there is always a sense of turmoil during the period. While there isn’t any bloodshed, there are certainly a lot of casualties in the cyber warfare between hackers from the two neighbours. One victim is the webpage of Vinayaka Public School. On Sunday, parents and students were shocked to see the page displaying crossbones and the Pakistan flag, along with expletives against India. The hackers claimed this was in retaliation for Indian hackers defacing Pakistani government websites, and asserted that all the data stored on the website had been completely erased.

CYBER-SECURITY

17-Year-Old Hacks US Air Force For The Biggest Bug Bounty

http://www.defenseone.com/technology/2017/08/17-year-old-hacks-air-force-biggest-bug-bounty/140165/?oref=defenseone_today_nl The Defense Department’s third vulnerability-finding contest invited international participants to attack USAF websites. They found the most bugs yet. Foreign and domestic hackers probed hundreds of security holes in critical Air Force networks for weeks in late spring, and the Pentagon knew all about it. But instead of getting punished, the hackers got paid. The Defense Department’s third and most successful bug bounty program, Hack the Air Force, uncovered a record 207 vulnerabilities in the branch’s major online systems. Unlike previous bug bounty programs that were open only to Americans, Hack the Air Force invited hackers from four countries outside the U.S. to participate: Australia, Canada, New Zealand and the United Kingdom.

Microsoft unveils technology to speed up blockchain and its adoption

http://in.reuters.com/article/microsoft-blockchain-idINKBN1AQ1K6 Microsoft Corp is working on technology that it believes can make blockchain-based systems faster and more private, as it looks to speed up use of the distributed database software by enterprises. The company said that it had developed a system called Coco Framework, which connects to different blockchain networks to solve some of the issues that have slowed down their adoption, including speed and privacy concerns. Coco, whose name stands for Confidential Consortium, will be ready and made open source by 2018, Microsoft said. It is currently compatible with Ethereum, one of the most popular types of blockchain, and can make it roughly 100 times faster, Microsoft said.

Kaspersky Lab to withdraw Microsoft antitrust complaints

http://in.reuters.com/article/us-usa-kasperskylab-microsoft-antitrust-idINKBN1AQ0IO Kaspersky Lab said on Wednesday it would withdraw antitrust complaints made in Europe against Microsoft after the U.S. technology giant agreed to change how it delivers security updates to Windows users. Both companies simultaneously announced a resolution to nearly a year of disputes that included Kaspersky alleging that Microsoft had erected unfair obstacles for independent security vendors on its Windows 10 operating system.

British cybersecurity expert pleads not guilty to US charges

http://www.deccanchronicle.com/technology/in-other-news/150817/british-cybersecurity-expert-pleads-not-guilty-to-us-charges.html A British cybersecurity researcher credited with helping curb a recent worldwide ransomware attack pleaded not guilty Monday to federal charges accusing him of creating malicious software to steal banking information three years ago. Marcus Hutchins entered his plea in Wisconsin federal court, where prosecutors charged him and an unnamed co-defendant with conspiring to commit computer fraud in the state and elsewhere. Authorities arrested the 23-year-old man on Aug. 2 at McCarran International Airport in Las Vegas, where he was going to board a flight to his home. Hutchins faces decades in prison if convicted on all the charges.

https://www.theguardian.com/technology/2017/aug/11/marcus-hutchins-arrested-wannacry-kronos-cybersecurity-experts-react The cybersecurity community, however, has rallied behind Hutchins, with many experts expressing disbelief that he would have knowingly been involved in a criminal conspiracy. The case is also driving a wedge between governments and the independent cybersecurity experts they often rely on, with one expert pledging to stop collaborating with law enforcement. Marcus Hutchins, who found a ‘kill switch’ for the WannaCry ransomware that wreaked havoc in May, has been arrested over a separate piece of malware called Kronos.

Uber Settles With FTC Over Data-Privacy Protections

https://www.wsj.com/articles/uber-settles-with-ftc-over-data-privacy-protections-1502819449 Uber Technologies Inc. agreed to two decades of audits as part of a settlement with the Federal Trade Commission over allegations that the ride-hailing company didn’t have sufficient data-privacy protections for its users. The settlement revolves around a 2014 incident in which more than 100,000 names and driver’s-license numbers were accessed in a breach of Uber’s database. The FTC said Uber didn’t take enough steps to secure data, such as multifactor authentication. Uber will now undergo regular third-party audits every two years for the next 20 years to certify it has privacy protections in place that meet or exceed FTC requirements, according to the terms of the settlement.

http://www.nextgov.com/cybersecurity/2017/08/more-bad-news-irs-about-taxpayer-info-security/140231/?oref=defenseone_today_nl The IRS is still failing to adequately protect U.S. taxpayers’ personal information and sensitive financial data, according to an audit report announced Monday. The Government Accountability Office is not releasing the text of the report because it contains either classified or sensitive but unclassified information, the auditor said. The title of the report cited “control deficiencies” that “limit IRS’s effectiveness in protecting sensitive financial and taxpayer data.” While details of this report aren’t public, GAO published an unclassified report with the same title in July, which likely covered similar ground.

CYBER-CRIME

HBO vows to stop playing ‘games’ after latest hack

http://www.business-standard.com/article/international/hbo-vows-to-stop-playing-games-after-latest-hack-117081400768_1.html After being blackmailed for weeks, US-based television network HBO has now vowed to stop playing games with the cyber bullies, who late on Sunday leaked the yet-to-air episodes of five shows which do not include material related to marquee series Game of Thrones (GoT). On Friday, in a bid to contain further leaks from a group of hackers, HBO reportedly offered to pay $250,000 to those who stole nearly 1.5TB data, including scripts of GoT and other employee information, from the TV network. The e-mail, dated July 27, containing the ‘bug bounty’ offer was leaked by the hacker who goes by the name ‘Little Finger’ in a message promising a “second wave”.

Four arrested in Mumbai for leaking ‘Game of Thrones’ Episode 4

http://www.business-standard.com/article/economy-policy/four-arrested-in-mumbai-for-leaking-game-of-thrones-episode-4-117081402053_1.html Almost 10 days after the unreleased Episode 4 of “Game of Thrones” (GoT) Season 7 was leaked, Maharashtra Police on Monday arrested four people involved in disseminating material from HBO’s marquee show. The episode, scheduled to air in the US on August 6 and in India on August 7, was leaked online from Star India. Prime Focus Technologies accepted that the leak had happened at its end and lodged an FIR against an employee, alleging that he, along with a former employee and other persons, gained unauthorised access to the episode and leaked it.

Cyberattacks: Why Indian entertainment firms are vulnerable and easy prey for hackers

http://www.business-standard.com/article/pf/global-cyberattacks-prompt-india-inc-to-run-for-cover-117081200742_1.html With a spate of globally orchestrated cyberattacks, many non-information technology (IT) and non-banking companies are enquiring about and purchasing cyber insurance worth up to $100 million (Rs 640 crore). Earlier, only IT and banking companies would purchase cyber insurance, as their business in developed countries required them to comply with data protection regulations. But now, many manufacturing, pharmaceutical, automobile and ancillary, oil and energy, as well as utility companies are showing an interest in and purchasing customised cyber and commercial crime policies that cover a range of risks. This is now a necessity, experts claim, as India is one of the top destinations for digital services, with the government pushing digitisation and increasing smartphone and internet penetration. At the same time, India is also one of the top targets of cybercrime — it was the third-worst hit country by WannaCry.

Blizzard Entertainment hit with weekend DDOS attack

https://threatpost.com/blizzard-entertainment-hit-with-weekend-ddos-attack/127440/ Blizzard Entertainment reported a crippling DDoS attack over the weekend creating chronic latency and connection issues for players of games Overwatch, World of Warcraft and others. The DDoS attack has since subsided, according to Blizzard, but users are still grousing on Twitter over lingering connection issues and feature unavailability within some games.

http://www.homelandsecuritynewswire.com/dr20170816-cybercriminals-are-not-as-anonymous-as-we-think?page=0,1 Understanding a cybercriminal’s backstory – where they live, what they do and who they know – is key to cracking cybercrime. Online crime is of course online, but there is also a surprisingly strong offline and local dimension. Cybercriminals are often seen as faceless, international computer masterminds who are, as a result, almost impossible to identify or understand. But contextualizing their threat and motivations is key to stopping them. In new research published in the journal Policing, researchers working on the Human Cybercriminal Project in Oxford’s Department of Sociology explored the local and offline dimension of cybercrime.

Locky Ransomware variant slips past some defenses

https://threatpost.com/locky-ransomware-variant-slips-past-some-defenses/127496/ A variant of the notorious Locky ransomware is part of a large-scale email-based campaign that is managing to slip past the defenses of some unsuspecting companies. Beginning on Aug 9 and lasting three days, ransomware called IKARUSdilapidated landed in tens of thousands of inboxes, carried by emails that contain little to no content along with a malicious dropper file attachment, according to Comodo Threat Intelligence Lab. The attachment is an archive file with a name such as ‘E2017-08-09(580).vbs’, where the number 580 changes for each email and the ‘vbs’ extension varies as well, said Comodo.
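As an added defensive illustration (this is not Comodo’s or Threatpost’s code), the following Python flags mail-gateway records whose attachment name follows the campaign naming pattern described above, or whose near-empty body carries a directly executable script attachment. The log line format, field names and sample lines are constructed for the example.

```python
import re

# Constructed sample mail-gateway log lines (not real traffic). Fields are
# timestamp, sender, recipient, body length in bytes, and attachment name.
SAMPLE_LOG = """\
2017-08-09T07:12:41Z from=invoice@example.net to=ap@corp.example body_len=0 attach=E2017-08-09(580).vbs
2017-08-09T07:13:02Z from=billing@example.org to=hr@corp.example body_len=3 attach=E2017-08-09(1193).js
2017-08-09T08:40:19Z from=alice@partner.example to=bob@corp.example body_len=1842 attach=Q3-forecast.xlsx
2017-08-10T11:05:55Z from=noreply@example.com to=it@corp.example body_len=0 attach=E2017-08-10(42).wsf
2017-08-11T09:22:10Z from=carol@corp.example to=dave@corp.example body_len=512 attach=notes-2017-08-11.txt
"""

# Naming pattern reported by Comodo: 'E' + ISO date + '(' counter ')' + script extension.
# The counter and the extension vary per message, so both are left as wildcards.
CAMPAIGN_NAME = re.compile(r"^E\d{4}-\d{2}-\d{2}\(\d+\)\.(?P<ext>[A-Za-z0-9]+)$")

# Extensions the Windows Script Host or shell runs directly when a user opens them.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta", "cmd", "bat", "ps1"}

# Bodies shorter than this are treated as "little to no content".
EMPTY_BODY_THRESHOLD = 32

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+) "
    r"body_len=(?P<body_len>\d+) attach=(?P<attach>\S+)$"
)


def parse_log(text):
    """Parse the constructed gateway format into dicts; skip lines that do not match."""
    records = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["body_len"] = int(rec["body_len"])
        records.append(rec)
    return records


def classify(record):
    """Return the list of detection reasons that apply to one record (empty if benign)."""
    reasons = []
    name = record["attach"]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if CAMPAIGN_NAME.match(name):
        reasons.append("campaign_filename_pattern")
    if ext in SCRIPT_EXTS:
        reasons.append("script_attachment")
        # A script attachment on a message with no real body is the campaign's
        # second distinguishing trait, independent of the file name.
        if record["body_len"] < EMPTY_BODY_THRESHOLD:
            reasons.append("empty_body_with_script")
    return reasons


def find_suspicious(text):
    """Return records worth quarantining: name pattern hit, or empty body plus script."""
    hits = []
    for rec in parse_log(text):
        reasons = classify(rec)
        if "campaign_filename_pattern" in reasons or "empty_body_with_script" in reasons:
            hits.append({**rec, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit["ts"], hit["sender"], "->", hit["rcpt"], hit["attach"], hit["reasons"])
```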

Daily Stormer might have made up hack to stir up anti-semitic conspiracy theories, Anonymous account suggests

http://www.homelandsecuritynewswire.com/dr20170816-usb-connections-less-secure-than-has-been-thought USB connections, the most common interface used globally to connect external devices to computers, are vulnerable to information “leakage,” making them even less secure than has been thought. Researchers tested more than 50 different computers and external USB hubs and found that over 90 percent of them leaked information to an external USB device. “It has been thought that because that information is only sent along the direct communication path to the computer, it is protected from potentially compromised devices,” the researchers said. “But our research showed that if a malicious device or one that’s been tampered with is plugged into adjacent ports on the same external or internal USB hub, this sensitive information can be captured. That means keystrokes showing passwords or other private information can be easily stolen.”

Flash’s final countdown has begun

https://threatpost.com/flashs-final-countdown-has-begun/127475/ In 2020, Adobe will retire the much-maligned Flash Player. A large part of the problem, experts say, is that despite progress in hardening its attack surface, it is still not secure enough. Flash continues to be a massive attack target that needs to go, they said. Replacing it will be open standards such as HTML5, WebGL and WebAssembly. These browser-based alternatives to Flash offer the same capabilities and functionality.

Google removes Chrome Extension used in Banking fraud

https://threatpost.com/google-removes-chrome-extension-used-in-banking-fraud/127469/ Google has removed from the Chrome Web Store a malicious browser extension used by criminals in Brazil to target corporate users with the aim of stealing banking credentials. These attacks are just the latest in a growing trend of fraud exploiting Chrome extensions. In the last two weeks, researchers have reported at least eight popular Chrome plugins had been hijacked and were being abused to manipulate internet traffic and serve ads in the browser.

Seven more Chrome Extensions compromised

https://threatpost.com/seven-more-chrome-extensions-compromised/127458/ The number of compromised Chrome browser extensions is growing beyond the initial Aug 1 hijacking of the OCR add-on called Copyfish. Added to the list are seven additional legitimate Chrome extensions that attackers took over and used to manipulate internet traffic and web-based ads, according to researchers at Proofpoint.

Attackers Backdoor another software update mechanism

https://threatpost.com/attackers-backdoor-another-software-update-mechanism/127452/ Attackers infiltrated the update mechanism for a popular server management software package as recently as last month and modified it to include a backdoor. NetSarang, which has headquarters in South Korea and the United States, has removed the backdoored update, but not before it was activated on at least one victim’s machine in Hong Kong. Some of its customers include large enterprises operating in a number of industries, including financial services, energy, retail, technology, media and more.

DNA sequencing tools vulnerable to cybersecurity risks

http://www.homelandsecuritynewswire.com/dr20170815-dna-sequencing-tools-vulnerable-to-cybersecurity-risks?page=0,1 Rapid improvement in DNA sequencing has sparked a proliferation of medical and genetic tests that promise to reveal everything from one’s ancestry to fitness levels to microorganisms that live in your gut. A new study finds evidence of poor computer security practices used throughout the field. Researchers have also demonstrated for the first time that it is possible — though still challenging — to compromise a computer system with a malicious computer code stored in synthetic DNA. When that DNA is analyzed, the code can become executable malware that attacks the computer system running the software.

Windows search bug worth watching, and squashing

https://threatpost.com/windows-search-bug-worth-watching-and-squashing/127434/ Last week’s Patch Tuesday updates from Microsoft included a critical Windows Search vulnerability that, in some corners, has raised eyebrows as to whether this is the next big one. All the pieces are there for someone to build a wormable exploit, but can it be done in a similar timeframe to WannaCry, and without an available NSA exploit, for example?

Smart Locks bricked by bad update

https://threatpost.com/smart-locks-bricked-by-bad-update/127427/ A botched wireless update for a remotely accessible smart lock system has bricked hundreds of them. The locks suffered a “fatal error,” according to the device’s manufacturer LockState, rendering them unable to lock. Customers are asked to either return impacted locks for repair or request a replacement.

Protection Protocols: Cyber-Securing Video Surveillance

http://www.securityinfowatch.com/article/12351313/protection-protocols-cyber-securing-video-surveillance Since the early 1990s, there has been a silent but very real war being waged – a cyber war. Currently, China has between 50,000 and 100,000 troops in its “cyber” divisions, up from 15,000 in 1998. While the media has covered larger events over the past few years, such as Stuxnet, Carbanak, and the Yahoo and Sony hacks, there are a reported 60,000 new malware signatures identified each day. As our world has evolved technologically over the last 20 years, so have the frontlines of this war – which now include consumer electronics.

CONFERENCES AND RESEARCH & DEVELOPMENT

Spotting data theft – quickly!

http://www.homelandsecuritynewswire.com/dr20170809-spotting-data-theft-quickly Computer experts have always struggled to find solutions for protecting businesses and authorities from network breaches. This is because there are too many vague indicators of potential attacks. With PA-SIEM, IT managers have a solution that effectively protects their systems while exposing data thieves and criminal hackers more quickly than conventional software. This profile-based anomaly detection software is being developed at the Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE in Bonn. Instead of relying only on predefined rules to detect cyberattacks, PA-SIEM is said to calculate typical attack patterns from incomplete or weak indicators.

Hacking cybersecurity in order to anticipate attacks

http://www.homelandsecuritynewswire.com/dr20170811-hacking-cybersecurity-in-order-to-anticipate-attacks?page=0,1 In cybersecurity, understanding the potential for attacks is critical. This is especially true for mobile and wireless devices, since they are constantly connected and continuously streaming and collecting data. Noubir recently organized the 2017 Conference on Security and Privacy in Wireless and Mobile Networks, hosted at Northeastern University in July. With more than 4.8 billion mobile subscribers and 275,000 different apps available, there are plenty of opportunities for security and privacy breaches. And in the wireless world, they are typically not isolated to one feature of the phone, tablet, or computer. A cyber-assault can infect the entire machine.

https://news.bitcoin.com/us-foreign-sanctions-bill-mandates-that-governments-monitor-cryptocurrency/ President Trump has signed a controversial foreign sanctions bill into law that mandates the Iranian, Russian, and North Korean governments must monitor cryptocurrency circulations as a measure to combat “illicit finance trends”. The bill requires that governments develop a national security strategy to combat the “financing of terrorism and related forms of illicit finance”. Governments will be required to monitor “data regarding trends in illicit finance, including evolving forms of value transfer such as so-called cryptocurrencies.”

At Manhattan Rooftop Bash, Dreams of Bitcoin Riches

https://www.wsj.com/articles/at-manhattan-rooftop-bash-dreams-of-bitcoin-riches-1502370000 A record rise in digital currencies bitcoin and Ethereum has entrepreneurs and speculators jumping at new opportunities. Late last month, more than 300 people crowded onto a rooftop bar in Manhattan to celebrate Ethereum, the latest cryptocurrency to soar and capture speculators’ imaginations. It has been a galvanizing year for Ethereum and the more established bitcoin, both of which have shattered records in 2017. A new method of fundraising, initial coin offerings, has pulled in more than $1 billion collectively for startups in the first six months of 2017, boosting Ethereum in particular since it is the main currency used to fund the deals.